* FreeRDS architecture overview


* Xrds


* Wayland FreeRDS compositor 
FreeRDS
FreeRDS > RDP protocol (1/2)


* Quite old and 90s tainted protocol 
— slow/fast path 
— weird ROP 
— funny bits saving 


* Almost all specs are « public » 
FreeRDS > RDP protocol (2/2)


* Security used to be an option 


* Vector operations in the past, codecs now 


* Channels : printing, bidirectional sound, serial port
redirection, drive sharing, remote coffee ?
FreeRDS > the project


* An OSS RDP server (Apache? licence)


* To be (fully) published soon 


* Inspired by Xrdp but based on FreeRDP 


* Young (2013) 


XDC2014 - David FORT - contact@hardening-consulting.com


FreeRDS > features 


* Security : RDP4, TLS, NLA 

* Encoding : raw bitmap, planar codec, remoteFx 
* External channel handling 

* Session reconnection 


* Session shadowing 
FreeRDS > entities


[Diagram labels: RDP listener, FreeRDS, RDP peer, Session manager, Shm, fork(), Content provider (Xrds / weston)]
FreeRDS > in practice


* Written in C (FreeRDS) and C++ (sessionManager), 
CMake 


* Based on FreeRDP 

* Linux for now but targets multi-platform 

* Protobuf, thrift and D-Bus 

* A library to help build content providers
FreeRDS > under the hood (1/3)


* Unix socket as a control channel 
— Signaling messages 
— Mouse moves 
— Key presses 


* Shared memory
— Framebuffer
— Damaged regions


[Diagram labels: FreeRDS, Unix, Content provider (Xrds / weston)]
FreeRDS > under the hood (2/3)


* At connection, FreeRDS sends
— Version
— Screen depth / size
— Keyboard layout
* Content provider answers FreeRDS
— Byte / bits per pixel
— Scanline
— Size


[Diagram labels: Shm, Content provider (Xrds / weston)]


FreeRDS > under the hood (3/3) 


[Diagram labels: encode, FreeRDS RDP peer, Content provider (Xrds / weston)]
FreeRDS > key points


* FreeRDS does RDP 


* Content provider creates the visible content 
Xrds > about


* X11 content provider 

* A headless X server like x11vnc

* FreeRDS DDX, (currently) based on Xorg 1.15

* Links against the content provider helper library 


[Diagram labels: FreeRDS RDP peer, Shm, Xrds, X client (x3)]
Xrds > features


* One mouse (client side pointer) 


* One keyboard : an xkb layout for the remote RDP
keyboard layout


* Functional xrandr 
* External program (channel) for clipboard 
* Supports reconnection 
I love it when a plan comes together


Xrds > xrandr killed me...


* Fake modelines, timing, EDID block 


* Use the right unit 


* Race conditions


* Shut up the Desktop Environment 
Xrds > crazy pointer update


* Problem: application updating pointers at a mad 
rate 


* Solution: check pointer changed (pointer cache) 
Xrds > damage is not damaged


* Problem : old flash player constantly updates the 
whole screen when the video is paused 


* Solution : frame comparison 
— Split damage in 32x32 tiles 


— Compute the real damage 


* Nice gains even with a fullscreen video 
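
The tile-based frame comparison from this slide, as an added C example (not FreeRDS or Xrds code). `rect_t`, `real_damage` and the buffer layout (two buffers of `fb_h * scanline` bytes) are assumptions; the reported rectangle is clamped to the framebuffer before it is used as an index into the shared buffer.

```c
#include <stdint.h>
#include <string.h>

#define TILE 32
typedef struct { int x, y, w, h; } rect_t;   /* hypothetical rectangle type */

static int clampi(long long v, int lo, int hi) { return v < lo ? lo : v > hi ? hi : (int)v; }

/* 1 if the w x h pixel block at (x, y) differs between the two frames. */
static int block_differs(const uint8_t *prev, const uint8_t *cur, int scanline,
                         int bpp, int x, int y, int w, int h)
{
    for (int row = y; row < y + h; row++) {
        size_t off = (size_t)row * scanline + (size_t)x * bpp;
        if (memcmp(prev + off, cur + off, (size_t)w * bpp) != 0)
            return 1;
    }
    return 0;
}

/* Walks the reported damage on a 32x32 grid, keeps only tiles whose pixels
 * really changed, refreshes `prev` for them and writes their bounding box to
 * `out`. Returns the number of changed tiles. bpp is bytes per pixel. */
int real_damage(uint8_t *prev, const uint8_t *cur, int fb_w, int fb_h,
                int scanline, int bpp, rect_t rep, rect_t *out)
{
    int x0 = clampi(rep.x, 0, fb_w), x1 = clampi((long long)rep.x + rep.w, 0, fb_w);
    int y0 = clampi(rep.y, 0, fb_h), y1 = clampi((long long)rep.y + rep.h, 0, fb_h);
    int minx = fb_w, miny = fb_h, maxx = 0, maxy = 0, changed = 0;
    for (int cy = y0, ey; cy < y1; cy = ey) {
        ey = clampi((cy / TILE + 1) * TILE, cy, y1);      /* end of this tile row */
        for (int cx = x0, ex; cx < x1; cx = ex) {
            ex = clampi((cx / TILE + 1) * TILE, cx, x1);  /* end of this tile */
            if (!block_differs(prev, cur, scanline, bpp, cx, cy, ex - cx, ey - cy))
                continue;                                 /* reported, but unchanged */
            for (int row = cy; row < ey; row++) {         /* remember the new pixels */
                size_t off = (size_t)row * scanline + (size_t)cx * bpp;
                memcpy(prev + off, cur + off, (size_t)(ex - cx) * bpp);
            }
            minx = cx < minx ? cx : minx; maxx = ex > maxx ? ex : maxx;
            miny = cy < miny ? cy : miny; maxy = ey > maxy ? ey : maxy;
            changed++;
        }
    }
    out->x = changed ? minx : 0; out->y = changed ? miny : 0;
    out->w = changed ? maxx - minx : 0; out->h = changed ? maxy - miny : 0;
    return changed;
}
```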
Xrds > key points


* Full X11 environment under FreeRDS 


* Gains for other content providers 
FreeRDS compositor > about


* A FreeRDS backend for weston 
* An advanced prototype 


* Your remote desktop running weston 


FreeRDS compositor > features 


* Uses the pixman renderer 


* 1 seat (except with shadowing)


* Maps the RDP layout to a XKB layout 
FreeRDS compositor > key points


* Works


* Give it a try !


Add support for extended RDP input to weston / Xrds 
(multitouch) 


RDP clipboard in weston 


Graphics with the egfx channel 
Questions ?


Me: contact@hardening-consulting.com 


Sponsors: office@thincast.com 
FreeRDP: http://github.com/FreeRDP/FreeRDP 
FreeRDS: http://github.com/FreeRDS/FreeRDS 


Weston backend: http://github.com/hardening/weston 
Extra slides
Steps for an RDP server - should compile ...


$ ./rdp-server 
bash: ./rdp-server: No such file or directory 
$ 
Steps for an RDP server - listener not listen


$ xfreerdp /v:«my host»
freerdp_set_last_error 0x2000C
Error: protocol security negotiation or connection failure
$
Steps for an RDP server - black screen


FreeRDP: 172.16.100.134 
Steps for an RDP server - fireworks
Steps for an RDP server - artifacts


[Screenshot: FreeRDP: 127.0.0.1 window, login screen with domain: local, login: madrie]
Steps for an RDP server - go for a beer


[Screenshot: FreeRDP: 127.0.0.1 window, login screen with a password field, domain: local, login: madrie, 10 Jan 2014]